@socketsecurity/lib 4.0.1 → 4.1.0

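--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -5,6 +5,23 @@ All notable changes to this project will be documented in this file.
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+ ## [4.1.0](https://github.com/SocketDev/socket-lib/releases/tag/v4.1.0) - 2025-11-17
+
+ ### Added
+
+ - **constants/node**: New version helper functions for cleaner version detection
+ - `getNodeMinorVersion()`: Extract minor version number
+ - `getNodePatchVersion()`: Extract patch version number
+
+ ### Fixed
+
+ - **constants/node**: Improve Node.js flag management in `getNodeHardenFlags()`
+ - Properly guard `--experimental-permission` for Node 20-23 only
+ - Properly guard `--permission` for Node 24+ only
+ - Properly guard `--force-node-api-uncaught-exceptions-policy` for Node 22+ (was incorrectly applied to all versions)
+ - Automatically include permission grants from `getNodePermissionFlags()` for Node 24+
+ - Remove `--experimental-policy` flag (no policy file provided)
+
  ## [4.0.1](https://github.com/SocketDev/socket-lib/releases/tag/v4.0.1) - 2025-11-17
 
  ### Changed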
@@ -1,6 +1,8 @@
1
1
  // Version detection.
2
2
  export declare function getNodeVersion(): string;
3
3
  export declare function getNodeMajorVersion(): number;
4
+ export declare function getNodeMinorVersion(): number;
5
+ export declare function getNodePatchVersion(): number;
4
6
  // Maintained Node.js versions.
5
7
  export declare function getMaintainedNodeVersions(): readonly string[] & {
6
8
  current: string;
@@ -18,8 +20,8 @@ export declare function supportsNodeRun(): boolean;
18
20
  export declare function supportsNodeDisableSigusr1Flag(): boolean;
19
21
  export declare function getNodeDisableSigusr1Flags(): string[];
20
22
  export declare function supportsProcessSend(): boolean;
21
- export declare function getNodeHardenFlags(): string[];
22
23
  export declare function getNodePermissionFlags(): string[];
24
+ export declare function getNodeHardenFlags(): string[];
23
25
  export declare function getNodeNoWarningsFlags(): string[];
24
26
  // Execution path.
25
27
  export declare function getExecPath(): string;
@@ -26,7 +26,9 @@ __export(node_exports, {
26
26
  getNodeDisableSigusr1Flags: () => getNodeDisableSigusr1Flags,
27
27
  getNodeHardenFlags: () => getNodeHardenFlags,
28
28
  getNodeMajorVersion: () => getNodeMajorVersion,
29
+ getNodeMinorVersion: () => getNodeMinorVersion,
29
30
  getNodeNoWarningsFlags: () => getNodeNoWarningsFlags,
31
+ getNodePatchVersion: () => getNodePatchVersion,
30
32
  getNodePermissionFlags: () => getNodePermissionFlags,
31
33
  getNodeVersion: () => getNodeVersion,
32
34
  supportsNodeCompileCacheApi: () => supportsNodeCompileCacheApi,
@@ -45,7 +47,13 @@ function getNodeVersion() {
45
47
  return NODE_VERSION;
46
48
  }
47
49
  function getNodeMajorVersion() {
48
- return Number.parseInt(NODE_VERSION.slice(1).split(".")[0] || "0", 10);
50
+ return Number.parseInt(NODE_VERSION.slice(1).split(".")[0] ?? "0", 10);
51
+ }
52
+ function getNodeMinorVersion() {
53
+ return Number.parseInt(NODE_VERSION.split(".")[1] ?? "0", 10);
54
+ }
55
+ function getNodePatchVersion() {
56
+ return Number.parseInt(NODE_VERSION.split(".")[2] ?? "0", 10);
49
57
  }
50
58
  function getMaintainedNodeVersions() {
51
59
  return import_maintained_node_versions.maintainedNodeVersions;
@@ -68,24 +76,22 @@ function supportsNodePermissionFlag() {
68
76
  }
69
77
  function supportsNodeRequireModule() {
70
78
  const major = getNodeMajorVersion();
71
- return major >= 23 || major === 22 && Number.parseInt(NODE_VERSION.split(".")[1] || "0", 10) >= 12;
79
+ return major >= 23 || major === 22 && getNodeMinorVersion() >= 12;
72
80
  }
73
81
  function supportsNodeRun() {
74
82
  const major = getNodeMajorVersion();
75
- return major >= 23 || major === 22 && Number.parseInt(NODE_VERSION.split(".")[1] || "0", 10) >= 11;
83
+ return major >= 23 || major === 22 && getNodeMinorVersion() >= 11;
76
84
  }
77
85
  function supportsNodeDisableSigusr1Flag() {
78
86
  const major = getNodeMajorVersion();
87
+ const minor = getNodeMinorVersion();
79
88
  if (major >= 24) {
80
- const minor = Number.parseInt(NODE_VERSION.split(".")[1] || "0", 10);
81
89
  return minor >= 8;
82
90
  }
83
91
  if (major === 23) {
84
- const minor = Number.parseInt(NODE_VERSION.split(".")[1] || "0", 10);
85
92
  return minor >= 7;
86
93
  }
87
94
  if (major === 22) {
88
- const minor = Number.parseInt(NODE_VERSION.split(".")[1] || "0", 10);
89
95
  return minor >= 14;
90
96
  }
91
97
  return false;
@@ -101,24 +107,6 @@ function supportsProcessSend() {
101
107
  return typeof process.send === "function";
102
108
  }
103
109
  let _nodeHardenFlags;
104
- function getNodeHardenFlags() {
105
- if (_nodeHardenFlags === void 0) {
106
- const major = getNodeMajorVersion();
107
- const flags = [
108
- "--disable-proto=delete",
109
- // Node.js 24+ uses --permission instead of --experimental-permission.
110
- // The permission model graduated from experimental to production-ready.
111
- major >= 24 ? "--permission" : "--experimental-permission",
112
- // Force uncaught exceptions policy for N-API addons (Node.js 22+).
113
- "--force-node-api-uncaught-exceptions-policy"
114
- ];
115
- if (major < 24) {
116
- flags.push("--experimental-policy");
117
- }
118
- _nodeHardenFlags = flags;
119
- }
120
- return _nodeHardenFlags;
121
- }
122
110
  let _nodePermissionFlags;
123
111
  function getNodePermissionFlags() {
124
112
  if (_nodePermissionFlags === void 0) {
@@ -138,6 +126,23 @@ function getNodePermissionFlags() {
138
126
  }
139
127
  return _nodePermissionFlags;
140
128
  }
129
+ function getNodeHardenFlags() {
130
+ if (_nodeHardenFlags === void 0) {
131
+ const major = getNodeMajorVersion();
132
+ const flags = ["--disable-proto=delete"];
133
+ if (major >= 24) {
134
+ flags.push("--permission");
135
+ flags.push(...getNodePermissionFlags());
136
+ } else if (major >= 20) {
137
+ flags.push("--experimental-permission");
138
+ }
139
+ if (major >= 22) {
140
+ flags.push("--force-node-api-uncaught-exceptions-policy");
141
+ }
142
+ _nodeHardenFlags = flags;
143
+ }
144
+ return _nodeHardenFlags;
145
+ }
141
146
  let _nodeNoWarningsFlags;
142
147
  function getNodeNoWarningsFlags() {
143
148
  if (_nodeNoWarningsFlags === void 0) {
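Review bot: On Node 24+ `getNodeHardenFlags()` now appends whatever `getNodePermissionFlags()` returns, so a helper named for hardening also hands out permission grants, while the `major >= 20` branch pushes `--experimental-permission` with none. The body of `getNodePermissionFlags()` lies outside this hunk, so the granted scope cannot be checked from here, and a caller that spreads both helpers into one argv would presumably now pass those grants twice on Node 24+. I would add a comment above the `major >= 24` branch such as `// Node 24+: --permission plus the grants from getNodePermissionFlags(); Node 20-23: --experimental-permission only, no grants added here.` The function's doc comment should also state that a major version below 20 receives only `--disable-proto=delete`, so callers do not assume the permission model is active there.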
@@ -159,7 +164,9 @@ const ESNEXT = "esnext";
159
164
  getNodeDisableSigusr1Flags,
160
165
  getNodeHardenFlags,
161
166
  getNodeMajorVersion,
167
+ getNodeMinorVersion,
162
168
  getNodeNoWarningsFlags,
169
+ getNodePatchVersion,
163
170
  getNodePermissionFlags,
164
171
  getNodeVersion,
165
172
  supportsNodeCompileCacheApi,
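--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@socketsecurity/lib",
- "version": "4.0.1",
+ "version": "4.1.0",
  "packageManager": "pnpm@10.22.0",
  "license": "MIT",
  "description": "Core utilities and infrastructure for Socket.dev security tools",
@@ -690,7 +690,7 @@
  "@socketregistry/is-unicode-supported": "1.0.5",
  "@socketregistry/packageurl-js": "1.3.5",
  "@socketregistry/yocto-spinner": "1.0.25",
- "@socketsecurity/lib-stable": "npm:@socketsecurity/lib@4.0.0",
+ "@socketsecurity/lib-stable": "npm:@socketsecurity/lib@4.0.1",
  "@types/node": "24.9.2",
  "@typescript/native-preview": "7.0.0-dev.20250920.1",
  "@vitest/coverage-v8": "4.0.3",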